Creating Citrix NetScaler Policies with AppExpert - PowerPoint PPT Presentation

creating citrix netscaler policies with appexpert n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Creating Citrix NetScaler Policies with AppExpert PowerPoint Presentation
Download Presentation
Creating Citrix NetScaler Policies with AppExpert

play fullscreen
1 / 51
Creating Citrix NetScaler Policies with AppExpert
430 Views
Download Presentation
sevita
Download Presentation

Creating Citrix NetScaler Policies with AppExpert

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Creating Citrix NetScaler Policies with AppExpert

  2. Agenda NetScaler for Traffic Management Demo: Policies 1-2-3 AppExpert Policy Framework

  3. Agenda NetScaler for Traffic Management AppExpert Policy Framework Demo: Policies 1-2-3 Agenda item number 1

  4. Web Protocols Extremely “Chatty” Remote Users Further Away from Apps Increased Security Requirements Apps Moved into Fewer Centralized Datacenters Why NetScaler? Web Application Delivery Challenges

  5. Apps Users Solutions Must Span Two Worlds XML...SOAP...HTTP...WSDL...JSON...REST...RSS...AJAX...end-user experience... Mashup...RelTag...SOA...Application Availability...Data theft...RIA...Wiki...Enterprise 2.0 Application Traffic Network Traffic Router Switch Firewall MAC address...Source IP...Destination IP...Source port...Destination port...Ping... OSPF...RIP...BGP...ACL...DNS...Subnet...802.XX...ARP...ICMP...RTT...SYN...ACK... Keepalive...SNMP...SSH...SSL...MTBF...Latency...

  6. Apps Users XML...SOAP...HTTP...WSDL...JSON...REST...RSS...AJAX...end-user experience... Mashup...RelTag...SOA...Application Availability...Data theft...RIA...Wiki...Enterprise 2.0 AppExpert Policy Framework Router Switch Firewall MAC address...Source IP...Destination IP...Source port...Destination port...Ping... OSPF...RIP...BGP...ACL...DNS...Subnet...802.XX...ARP...ICMP...RTT...SYN...ACK... Keepalive...SNMP...SSH...SSL...MTBF...Latency...

  7. Why AppExpert? • Traffic Management on the NetScaler is handled by policies • AppExpert Visual Policy Builder provides an easy flexible interface to write and apply policies • All of NetScaler Feature Sets can be controlled via policies. • And writing policies with AppExpert on the NetScaler is so easy that…

  8. Code-Monkeys need NOT apply

  9. Agenda AppExpert Policy Framework NetScaler for Traffic Management Demo: Policies 1-2-3 Agenda item number 1

  10. AppExpert Policy Engine Application 1 Application 2 Users AppExpert Policy Engine 1) Receive + terminate requests 2) Decrypt / authenticate / analyze requests 3) Apply policy + dispatch valid requests 4) Multiplex over persistent connections

  11. What NetScaler Features use Policies? Feature Sets Feature Sets Content switching (CS) Compression (CMP) Content Filtering (CF) Integrated Caching (IC) Responder URL Rewrite Cache Redirection (CR) Priority Queuing (PQ) SureConnect (SC) SSL VPN …and more

  12. AppExpert Policy Framework is designed to help you… Definesapplication-aware policy expressions Logically combines multiple policy expressions And increase power and flexibilty by providing policy execution structure and flow control Compound Expressions Policy Banks Policy Expressions

  13. Defining AppExpert Policy Engine Elements • Actions • Expressions • Policies and Policy Banks

  14. AppExpert NetScaler Policies • NetScaler Traffic Management is controlled using policies • For example-compression policy defines conditions for compressing content • A policy consists of expression and action POLICY ACTION EXPRESSION

  15. What are Policy Actions? Actions are owned by individual feature sets For example an actions that is configurable in the responder module is different than an action configurable in the rewrite module The individual feature set has to ensure that the respective actions are applied when there is a policy match

  16. UnderstandingActions Actions can be predefined or customizable (using expression sytax) Actions cannot depend on results of other actions All actions are applied at the end of the policy evaluation process For example: A single HTTP header cannot be modified by multiple actions – if you insert a new header “my-header” you cannot then change the name of the header to “my-new-header”.

  17. What Are Expressions? • An expression is the most fundamental component of a policy. • Expressions are a common pool of conditions that can be applied to content entering the Citrix NetScaler system • For example; source IP address or browser type • Expressions be "named" or "inline"

  18. What Are Expressions? • Policy expression syntax is universal and shared among NetScaler features • Expressions referenced as a rule by NetScaler feature sets • Expressions can be unary or compound • The expression (or condition that is evaluated) does not change the content, but the configured action can change the content

  19. GUI - Policy Expressions

  20. Writing Expressions using AppExpert Visual Expression Builder

  21. Advanced vs. Classic Expression Syntax Advanced Syntax Classic Syntax • Policy Expressions must be written inline • Is not available for all feature sets • Increases the processing power and flexibility of policies through the use of GOTO expressions and Policy Banks • Easy to configure and use • Policy Expressions can be named or inline • Is not available for all feature sets • Backwards compatible with previous versions of the NetScaler • Easy to configure and use

  22. Defining Top Level Objects for expressions

  23. AppExpert Policy Expressions

  24. Structure of Basic Expressions In the Policy Engine, a basic expression is a composition of object-level operations Basic expressions consist of a top level starter object followed by various operations or parameters HTTP.REQ.HEADER (advanced), or REQ.HTTP.HEADER (classic)

  25. Understanding Expression Types Expressions can return one of the following: A BOOLEAN TRUE or FALSE (used in all Policy types)Example: “HTTP.REQ.IS_VALID” A STRING (Used in Rewrite Actions)Example:add rewrite action INSERT_CLIENT_IP insert_http_header “Client-ip” “CLIENT.IP.SRC”

  26. AppExpert Visual Policy Builder

  27. What are AppExpert Policy Banks? • A policy bank is a bind point for a group of policies • Each policy in a policy bank must have a priority defined • Every policy is evaluated in priority order • Two policies can not have the same priority • Predefined banks include: • Override • Default

  28. AppExpert Policy Banks GotoExp statements Policy match will trigger “jump” to another policy within the bank Cannot GotoExp back (no possibility of endless loop) Provides structured execution and flow control Performance optimization (course-grained policies first) Deterministic execution Subroutine call-like behavior Processing of policies within a policy bank ends when all valid policies have been processed or an END is encountered on a policy match

  29. Agenda Demo: Policies 1-2-3 NetScaler for Traffic Management AppExpert Policy Framework Agenda item number 1

  30. Using AppExpert to Configure Policies Configuing Policies is as easy as 1-2-3 Create/Identify the Feature Specific Action Create the Expression and Add the Expression and Action into the Policy Bind/Activate the Policy

  31. In this demonstration we will configure a policy for the Rewrite Feature that will mask the backend server's software type in the HTTP traffic RewriteDemo

  32. Create the Action NetScaler Rewrite Action 1

  33. Create the Expression and Policy Create the Rewrite policy by creating an expression and adding your action 2

  34. Bind Bind your policy 3

  35. And… Test

  36. In this demonstration we will configure policies for Content Switching that will route test traffic to a test Load Balancing VServer which performs Load Balancing for the “test-web” servers which exist within the same domain as the production web servers Content switching Demo

  37. Identify the Action A Content Switching Action is the target Load Balancing Vserver, so first we need to create/identify which LB Vserver will be the target. 1

  38. Create the Expression and Policy Create the CS Policy which will identify internal testing team via IP address 2

  39. Bind Activate your policy on the Content Switching Server 3

  40. And… Test

  41. In this demonstration we will configure a policy for Responder which will respond to a request URL with /myIP. The NetScaler will provide an auto-generated page that gives the client their IP address (this page does not exist on the backend web servers). Responder Demo

  42. Create the Action NetScaler Responder Action 1

  43. Create the Expression and Policy Create the responder policy by creating an expression and adding your action 2

  44. Bind Bind your policy 3

  45. And… Test

  46. In this demonstration we will configure an integrated caching request policy to cache any content that contains .html in the requested URL Integrated caching Demo

  47. Identify the Action Identify the NetScaler Integrated Caching Action you will use 1

  48. Create the Expression and Policy Create the Integrated Caching policy by creating an expression and adding a pre-defined action 2

  49. Bind Activate your policy 3

  50. And… Verify